Senior GRC Engineer

Life360
Remote

About The Position

Life360 is seeking a Senior GRC Engineer to join their Information Security and Technology team. This role is pivotal in transforming the Governance, Risk, and Compliance (GRC) program towards a modern, automated, and AI-native approach. The position involves building the technical foundation for GRC, including policy-as-code, continuous control testing, and automated evidence generation. A significant part of the role will focus on adapting GRC practices to an AI-native environment, anticipating new policy requirements, and ensuring the governance architecture is prepared for future regulations and autonomous agents. The role emphasizes the use of AI tools for substantive work, requiring strong judgment, ownership, and continuous learning in this rapidly evolving field.

Requirements

  • 5+ years in GRC, security engineering, or a hybrid role owning both policy/control and technical implementation.
  • Experience building with AI tools, including LLMs and agents, for drafting, code, automation, and investigation.
  • Coding ability in Python or equivalent to call APIs, build integrations, schedule jobs, and deploy working pipelines.
  • Ability to evidence controls directly in cloud environments (identity, audit logs, configuration posture, secrets management) by pulling evidence from APIs.
  • Experience implementing, integrating, or significantly extending a modern GRC platform.
  • Understanding of SOC 2, ISO 27001, and NIST AI RMF at the control level, including their evolution for AI and agentic systems.
  • Experience working through SOX ITGC cycles at a public company, managing evidence, walkthroughs, and findings with external auditors.
  • Experience building or scaling a TPRM program, including designing tiering, assessing vendors, and automating assessment workflows.
  • Quantitative risk experience, owning a risk register and making it useful to engineers and executives (FAIR or equivalent methodology is a strong signal).
  • Clear writing skills for policies, control narratives, audit responses, and risk statements.
  • Bachelor's degree or equivalent.

Nice To Haves

  • Experience taking a company through SOC 2 Type 2 or ISO 27001 certification from scratch.
  • Privacy program crossover experience (GDPR, CCPA, data mapping, DPIAs).
  • Experience on the implementation side of security (engineering, operations, or incident response).
  • Experience building governance frameworks for AI systems (model risk, ISO 42001, or controls around LLM and agent deployment).
  • AI-Native Daily use: You use AI tools for real, substantive work — analysis, drafting, automation, code, investigations, evidence gathering.
  • Judgment and ownership: AI-generated work gets the same scrutiny you'd give any human-produced artifact. You're accountable for everything you ship.
  • Domain-specific judgment: You know where AI is the wrong tool. Sensitive data handling, attacker-controlled inputs, agents with production access, and privileged identity changes all need careful guardrails — and you can articulate where AI helps, where it hurts, and where it needs a human in the loop.
  • Leverage: When AI is working well, you take on problems that would otherwise require a larger team. We hire people who use that leverage to ship better outcomes, not just faster ones.
  • Continuous learning: The tooling moves fast. You stay current, share what works with the team, and speak up when something would meaningfully change how we operate.

Responsibilities

  • Own the governance framework for Life360's agentic systems, defining policies, control sets, and compliance posture for agent development and deployment.
  • Apply an agentic approach to GRC by automating evidence collection, drafting control narratives, and triaging vendor questionnaires using AI and internal tooling.
  • Build the policy program as code, with policies version-controlled in Git and requirements expressed as enforceable rules with automated checks.
  • Drive SOC 2 Type 2, ISO 27001, and SOX ITGC end-to-end as the management owner, managing evidence, coordinating with external assessors, and closing gaps.
  • Build an operational risk function that is quantitative-leaning, FAIR-informed, and connected to live data sources.
  • Mature the TPRM program with tiered reviews, automated evidence collection, and agent-based workflows.
  • Serve as the primary management contact for auditors, owning scoping, walkthroughs, evidence delivery, and management responses.
  • Build cross-functional relationships with Engineering, Legal, Privacy, Internal Audit, and Procurement to make GRC a shared practice.
  • Maintain clear role boundaries between management's GRC operations and Internal Audit's independent assurance.

Benefits

  • Competitive pay and benefits
  • Medical, dental, vision, life and disability insurance plans (100% paid for employees)
  • 401(k) plan with company matching program
  • Mental Wellness Program & Employee Assistance Program (EAP) for mental well-being
  • Flexible PTO, 13 company-wide days off throughout the year
  • Winter and Summer Weeklong Synchronized Company Shutdowns
  • Learning & Development programs
  • Equipment, tools, and reimbursement support for a productive remote environment
  • Free Life360 Platinum Membership for your preferred circle
  • Free Tile Products